Attachment #1293 for bug #1215

Lines 83-88 Link Here

(-)auth-pam.c (-6 / +19 lines)
83	extern int compat20;	83	extern int compat20;
84	extern u_int utmp_len;	84	extern u_int utmp_len;
85		85
		86	#define PAM_MAP_USER "PAM_MAP_USER"
		87	#define PAM_MAP_USER_LEN 12
		88
86	/* so we don't silently change behaviour */	89	/* so we don't silently change behaviour */
87	#ifdef USE_POSIX_THREADS	90	#ifdef USE_POSIX_THREADS
88	# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK"	91	# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK"
Lines 281-286 Link Here
281	if (strcmp(user, sshpam_authctxt->pw->pw_name) != 0) {	284	if (strcmp(user, sshpam_authctxt->pw->pw_name) != 0) {
282	debug("PAM: user mapped from '%.100s' to '%.100s'",	285	debug("PAM: user mapped from '%.100s' to '%.100s'",
283	sshpam_authctxt->pw->pw_name, user);	286	sshpam_authctxt->pw->pw_name, user);
		287	setenv(PAM_MAP_USER, user, 1);
		288	debug("Setting " PAM_MAP_USER " to %s", user);
284	if ((pw = getpwnam(user)) == NULL)	289	if ((pw = getpwnam(user)) == NULL)
285	fatal("PAM: could not get passwd entry for user "	290	fatal("PAM: could not get passwd entry for user "
286	"'%.100s' provided by PAM_USER", user);	291	"'%.100s' provided by PAM_USER", user);
Lines 326-343 Link Here
326	sshpam_password_change_required(buffer_get_int(b));	331	sshpam_password_change_required(buffer_get_int(b));
327	user = buffer_get_string(b, NULL);	332	user = buffer_get_string(b, NULL);
328	debug("PAM: got username '%.100s' from thread", user);	333	debug("PAM: got username '%.100s' from thread", user);
329	if ((err = pam_set_item(sshpam_handle, PAM_USER, user)) != PAM_SUCCESS)
330	fatal("PAM: failed to set PAM_USER: %s",
331	pam_strerror(sshpam_handle, err));
332	pwfree(sshpam_authctxt->pw);
333	sshpam_authctxt->pw = pwcopy(sshpam_getpw(user));
334		334
335	/* Import environment from subprocess */	335	/* Import environment from subprocess */
336	num_env = buffer_get_int(b);	336	num_env = buffer_get_int(b);
337	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));	337	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
338	debug3("PAM: num env strings %d", num_env);	338	debug3("PAM: num env strings %d", num_env);
339	for(i = 0; i < num_env; i++)	339	for(i = 0; i < num_env; i++) {
340	sshpam_env[i] = buffer_get_string(b, NULL);	340	sshpam_env[i] = buffer_get_string(b, NULL);
		341	debug(sshpam_env[i]);
		342	if (strncmp(sshpam_env[i], PAM_MAP_USER, PAM_MAP_USER_LEN) == 0) {
		343	user = sshpam_env[i] + PAM_MAP_USER_LEN + 1;
		344	if ((err = pam_set_item(sshpam_handle, PAM_USER, user))
		345	!= PAM_SUCCESS)
		346	fatal("PAM: failed to set PAM_USER: %s",
		347	pam_strerror(sshpam_handle, err));
		348	pwfree(sshpam_authctxt->pw);
		349	sshpam_authctxt->pw = pwcopy(sshpam_getpw(user));
		350
		351	debug("RESTORED USER %s", user);
		352	}
		353	}
341		354
342	sshpam_env[num_env] = NULL;	355	sshpam_env[num_env] = NULL;
343		356

Return to bug 1215